mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 05:48:07 -05:00
gnu: ungoogled-chromium: Update to 81.0.4044.92-0.b484ad4 [security fixes].
This release fixes CVE-2020-6430, CVE-2020-6456, CVE-2020-6431, CVE-2020-6432, CVE-2020-6433, CVE-2020-6434, CVE-2020-6435, CVE-2020-6436, CVE-2020-6437, CVE-2020-6438, CVE-2020-6439, CVE-2020-6440, CVE-2020-6441, CVE-2020-6442, CVE-2020-6443, CVE-2020-6444, CVE-2020-6445, CVE-2020-6446, CVE-2020-6447, and CVE-2020-6448. * gnu/packages/chromium.scm (%preserved-third-party-files): Adjust for 81. (%chromium-version): Set to 81.0.4044.92. (%ungoogled-revision): Set to b484ad4c0bdb696c86d941798ae6b0e2bd0db35d. (%debian-revision): Set to debian/81.0.4044.92-1. (%chromium-origin, %ungoogled-origin, %debian-origin): Update hashes. (ungoogled-chromium-source): Remove PYTHON-2 from the environment, use PYTHON-WRAPPER instead. Call "remove_bundled_libraries.py" using PYTHON-2 directly. (ungoogled-chromium)[arguments]: Remove "is_cfi=false" from #:configure-flags. Adjust CXXFLAGS to ignore unknown compiler warnings. [inputs]: Change from ICU4C to ICU4C-66.1.
This commit is contained in:
parent
e15acf8cac
commit
25c93be652
1 changed files with 23 additions and 19 deletions
|
@ -135,8 +135,11 @@ (define %preserved-third-party-files
|
|||
"third_party/dawn" ;ASL2.0
|
||||
"third_party/depot_tools/owners.py" ;BSD-3
|
||||
"third_party/devtools-frontend" ;BSD-3
|
||||
"third_party/devtools-frontend/src/front_end/third_party/fabricjs" ;Expat
|
||||
"third_party/devtools-frontend/src/front_end/third_party/wasmparser" ;ASL2.0
|
||||
"third_party/devtools-frontend/src/third_party/axe-core" ;MPL2.0
|
||||
"third_party/devtools-frontend/src/third_party/pyjson5" ;ASL2.0
|
||||
"third_party/devtools-frontend/src/third_party/typescript" ;ASL2.0
|
||||
"third_party/dom_distiller_js" ;BSD-3
|
||||
"third_party/emoji-segmenter" ;ASL2.0
|
||||
"third_party/flatbuffers" ;ASL2.0
|
||||
|
@ -196,7 +199,6 @@ (define %preserved-third-party-files
|
|||
"third_party/qcms" ;Expat
|
||||
"third_party/rnnoise" ;BSD-3
|
||||
"third_party/s2cellid" ;ASL2.0
|
||||
"third_party/sfntly" ;ASL2.0
|
||||
"third_party/skia" ;BSD-3
|
||||
"third_party/skia/include/third_party/skcms" ;BSD-3
|
||||
"third_party/skia/third_party/skcms" ;BSD-3
|
||||
|
@ -206,7 +208,6 @@ (define %preserved-third-party-files
|
|||
"third_party/spirv-headers" ;ASL2.0
|
||||
"third_party/SPIRV-Tools" ;ASL2.0
|
||||
"third_party/sqlite" ;Public domain
|
||||
"third_party/ungoogled" ;BSD-3
|
||||
"third_party/usb_ids" ;BSD-3
|
||||
"third_party/usrsctp" ;BSD-2
|
||||
"third_party/wayland/wayland_scanner_wrapper.py" ;BSD-3
|
||||
|
@ -247,9 +248,9 @@ (define* (computed-origin-method gexp-promise hash-algo hash
|
|||
#:system system
|
||||
#:guile-for-build guile)))
|
||||
|
||||
(define %chromium-version "80.0.3987.163")
|
||||
(define %ungoogled-revision "516e2d990a50a4bbeb8c583e56333c2935e2af95")
|
||||
(define %debian-revision "debian/80.0.3987.116-1")
|
||||
(define %chromium-version "81.0.4044.92")
|
||||
(define %ungoogled-revision "b484ad4c0bdb696c86d941798ae6b0e2bd0db35d")
|
||||
(define %debian-revision "debian/81.0.4044.92-1")
|
||||
(define package-revision "0")
|
||||
(define %package-version (string-append %chromium-version "-"
|
||||
package-revision "."
|
||||
|
@ -263,7 +264,7 @@ (define %chromium-origin
|
|||
%chromium-version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0ikk4cgz3jgjhyncsvlqvlc03y7jywjpa6v34fwsjxs88flyzpdn"))))
|
||||
"0i0szd749ihb08rxnsmsbxq75b6x952wpk94jwc0ncv6gb83zkx2"))))
|
||||
|
||||
(define %ungoogled-origin
|
||||
(origin
|
||||
|
@ -274,7 +275,7 @@ (define %ungoogled-origin
|
|||
(string-take %ungoogled-revision 7)))
|
||||
(sha256
|
||||
(base32
|
||||
"0nm55qq4ahw9haf5g7hmzic4mr2xjgpay7lxps7xjp7s1pda4g0q"))))
|
||||
"071a33idn2zcix6z8skn7y85mhb9w5s0bh0fvrjm269y7cmjrh3l"))))
|
||||
|
||||
(define %debian-origin
|
||||
(origin
|
||||
|
@ -288,7 +289,7 @@ (define %debian-origin
|
|||
(_ (string-take %debian-revision 7)))))
|
||||
(sha256
|
||||
(base32
|
||||
"1cc5sp566dd8f2grgr770xwbxgxf58dk1w7q3s8pmv4js5h3pwq8"))))
|
||||
"0srgbcqga3l75bfkv3bnmjk416189nazsximvzdx2k5n8v5k4p3m"))))
|
||||
|
||||
;; This is a "computed" origin that does the following:
|
||||
;; *) Runs the Ungoogled scripts on a pristine Chromium tarball.
|
||||
|
@ -319,8 +320,7 @@ (define ungoogled-chromium-source
|
|||
(list #+(canonical-package patch)
|
||||
#+(canonical-package xz)
|
||||
#+(canonical-package tar)
|
||||
#+python-2
|
||||
#+python))
|
||||
#+python-wrapper))
|
||||
|
||||
(copy-recursively #+ungoogled-source "/tmp/ungoogled")
|
||||
|
||||
|
@ -338,11 +338,11 @@ (define ungoogled-chromium-source
|
|||
|
||||
(format #t "Ungooglifying...~%")
|
||||
(force-output)
|
||||
(invoke "python3" "utils/prune_binaries.py" chromium-dir
|
||||
(invoke "python" "utils/prune_binaries.py" chromium-dir
|
||||
"pruning.list")
|
||||
(invoke "python3" "utils/patches.py" "apply"
|
||||
(invoke "python" "utils/patches.py" "apply"
|
||||
chromium-dir "patches")
|
||||
(invoke "python3" "utils/domain_substitution.py" "apply" "-r"
|
||||
(invoke "python" "utils/domain_substitution.py" "apply" "-r"
|
||||
"domain_regex.list" "-f" "domain_substitution.list"
|
||||
"-c" "/tmp/domainscache.tar.gz" chromium-dir)
|
||||
|
||||
|
@ -390,13 +390,13 @@ (define ungoogled-chromium-source
|
|||
|
||||
(format #t "Pruning third party files...~%")
|
||||
(force-output)
|
||||
(apply invoke "python"
|
||||
(apply invoke (string-append #+python-2 "/bin/python")
|
||||
"build/linux/unbundle/remove_bundled_libraries.py"
|
||||
"--do-remove" preserved-files)
|
||||
|
||||
(format #t "Replacing GN files...~%")
|
||||
(force-output)
|
||||
(invoke "python3" "build/linux/unbundle/replace_gn_files.py"
|
||||
(invoke "python" "build/linux/unbundle/replace_gn_files.py"
|
||||
"--system-libraries" "ffmpeg" "flac" "fontconfig"
|
||||
"freetype" "harfbuzz-ng" "icu" "libdrm" "libevent"
|
||||
"libjpeg" "libpng" "libvpx" "libwebp" "libxml"
|
||||
|
@ -462,7 +462,6 @@ (define-public ungoogled-chromium
|
|||
;; directory for an exhaustive list of supported flags.
|
||||
;; (Note: The 'configure' phase will do that for you.)
|
||||
(list "is_debug=false"
|
||||
"is_cfi=false"
|
||||
"use_gold=false"
|
||||
"use_lld=false"
|
||||
"clang_use_chrome_plugins=false"
|
||||
|
@ -648,8 +647,13 @@ (define-public ungoogled-chromium
|
|||
(setenv "AR" "ar") (setenv "NM" "nm")
|
||||
(setenv "CC" "clang") (setenv "CXX" "clang++")
|
||||
|
||||
;; Do not optimize away null pointer safety checks.
|
||||
(setenv "CXXFLAGS" "-fno-delete-null-pointer-checks")
|
||||
(setenv "CXXFLAGS"
|
||||
(string-join
|
||||
'(;; Do not optimize away null pointer safety checks.
|
||||
"-fno-delete-null-pointer-checks"
|
||||
;; Disable warnings about unknown warnings that require
|
||||
;; Clang plugins or newer versions.
|
||||
"-Wno-unknown-warning-option")))
|
||||
|
||||
;; TODO: pre-compile instead. Avoids a race condition.
|
||||
(setenv "PYTHONDONTWRITEBYTECODE" "1")
|
||||
|
@ -795,7 +799,7 @@ (define-public ungoogled-chromium
|
|||
("glib" ,glib)
|
||||
("gtk+" ,gtk+)
|
||||
("harfbuzz" ,harfbuzz)
|
||||
("icu4c" ,icu4c)
|
||||
("icu4c" ,icu4c-66.1)
|
||||
("jsoncpp" ,jsoncpp)
|
||||
("lcms" ,lcms)
|
||||
("libevent" ,libevent)
|
||||
|
|
Loading…
Reference in a new issue